CT log servers for SCT

To how many CT Log servers, Lets Encrypt CA server send certificate for SCT/certificate entries in the log ?

I checked some certificates for LE and found that for a certificate entries are in 3 servers, and another has entries in 4 and other one in 5 servers.
Exp -

All above certificates have different entries in Certificate Transparency header.

Should not the no. of servers remain same as SCT is a time bound process which includes 24 hours as MMD ?

Hi @prok_in,

Great question!

It's not completely static. New logs appear, old logs get disqualified, sometimes log operators ask us to stop submitting for a little while and then we may resume again.

I believe presently we submit to Icarus, Venafi's gen2 log, Sabre, Mammoth, and one of Cloudflare's new logs. The staging environment only submits to test-tube.

The three certificates you shared were issued in three different points in time and the # of logs we were submitting to can change as I explained above. It isn't a constant.

Hope that helps explain!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.